Degraded

Some CBI signing services are encountering errors

May 22 at 02:09pm CEST
Affected services
CBI

Resolved
May 24 at 11:39pm CEST

Signing services are back online! Thank you for your patience.

Updated
May 23 at 06:49pm CEST

New compute resources have been provisioned, and the HSM has been connected. This was necessary because the services were previously running in a highly virtualized environment without access to hardware devices. We are now adapting the signing services to use the HSM as the key provider instead of the old keystore. Unfortunately, we no longer have an ETA as we keep encountering unexpected challenges. Thank you for your patience.

Updated
May 23 at 10:49am CEST

The code-signing certificate deployed to production expired on May 21 at 23:59 UTC. Anything built and signed before this date remains valid. However, all JAR and PE32 (.exe, .dll) artifacts signed since May 22 are invalid because they were signed with the expired certificate.

Efforts to update the certificate are ongoing. This update is not routine, as the secret key must now be stored on a Hardware Security Module (HSM), a new requirement from the code-signing Certificate Authorities. Using the HSM requires significant implementation effort. We hope to have it back in order by EOB today (EDT).

Created
May 22 at 02:09pm CEST

JAR signing and PE32 (.exe, .dll) signing services are impacted. We have identified the issue and are working on its resolution.